8 Mar
2026
8 Mar
'26
9:48 a.m.
On Sun, Mar 8, 2026, at 10:27, Daniel Gultsch wrote:
I was never fully sold on the pre-authenticated roster
part of the
stack. I don’t know. I guess it’s kinda neat but I don’t really need a
mutual presence subscription to get the first message out.
You share a QR code to a friend, or they scan it from your phone, and all the
subscribe/subscribed dance is done without anyone of the 2 users receiving requests that
they need to accept or acknowledge. This sounds to me like a pretty nice value.
Why do you think its about sending a first message?
The XEPs try to separate those two concerns (I guess
partially due to
me providing the same feedback a few years ago) but do a pretty bad
job at it.
0445 is technically a separate XEP but without 0401 I have no
(standardized) way retrieving those registration tokens.
However 0401 doesn’t provide a guarantee that the server even supports
0445 and I have no way of knowing that before retrieving the invite
URI. Only after retrieving the invite URI and checking for the
existence of the ibr=y parameter I know that the server supports 0445.
It does guarantee that, it says
Romeo's server MUST support at least one
Pre-Authenticated In-Band Registration mechanism.
Though i agree we can make that even more strict, because this pre auth mechanism 445
defines, has nothing to do with specific IBR mechanism that is used later, its completely
independent, and it does not care if a server uses 0389 or 0077.
Further 445 defines a stream feature, so you *can* know that the server supports it
*before* creating the invitation. Though as 401 has already a MUST dependency on 445, not
sure why you would need to check that stream feature.
Currently, when I want to display a button in my
client that reads.
"Invite people to my server" I can’t because i have no discovery for
that.
You can check the supported commands, and check the stream feature if you think its
necessary. Personally i would only check the supported commands and depend on the server
respecting the XEPs dependencies.
About the rest i agree, this could have been all one big XEP, especially because half of
445 XEP is duplicating text about what URIs there are and what they do.
379 without server support seems to me not really worth it, you run into the topic that
you have multiple devices all not online at the same time, so even though you generated a
token on one device this does not guarantee that the subscribe flow will reach this
device.
I would opt for collapsing them all into 401, this should be possible without really
changing anything about the implementations. I also would offer my help to do that if the
author is interested.
Regards Philipp